//
//  AFHTTPSessionManager+RAExtension.m
//  RayoSmartBleKey
//
//  Created by Piccolo on 05/02/2018.
//  Copyright © 2018 Piccolo. All rights reserved.
//

#import "AFHTTPSessionManager+RAExtension.h"


@implementation AFHTTPSessionManager (RAExtension)

+ (AFHTTPSessionManager *)sharedManager {
    
    static AFHTTPSessionManager *manager = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        manager = [AFHTTPSessionManager manager];
        AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
        securityPolicy.validatesDomainName = NO;
        securityPolicy.allowInvalidCertificates = YES;//是否允许使用自签名证书
        manager.securityPolicy = securityPolicy;
//        [manager.session invalidateAndCancel];
        manager.requestSerializer = [AFJSONRequestSerializer serializer];
        manager.responseSerializer = [AFJSONResponseSerializer serializer];
        manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"application/json"];
        manager.requestSerializer.timeoutInterval = 10;
        
        /**
         AFSecurityPolicy分三种验证模式：
         AFSSLPinningModeNone:只是验证证书是否在信任列表中
         AFSSLPinningModeCertificate：该模式会验证证书是否在信任列表中，然后再对比服务端证书和客户端证书是否一致
         AFSSLPinningModePublicKey：只验证服务端证书与客户端证书的公钥是否一致
         */
        
//        AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
//        securityPolicy.allowInvalidCertificates = YES;//是否允许使用自签名证书
//        securityPolicy.validatesDomainName = NO;//是否需要验证域名，默认YES
//        
//        AFHTTPSessionManager *_manager = [AFHTTPSessionManager manager];
//        _manager.responseSerializer = [AFHTTPResponseSerializer serializer];
//        _manager.securityPolicy = securityPolicy;
//        //设置超时
//        [_manager.requestSerializer willChangeValueForKey:@"timeoutinterval"];
//        _manager.requestSerializer.timeoutInterval = 20.f;
//        [_manager.requestSerializer didChangeValueForKey:@"timeoutinterval"];
//        _manager.requestSerializer.cachePolicy = NSURLRequestReloadIgnoringCacheData;
//        _manager.responseSerializer.acceptableContentTypes  = [NSSet setWithObjects:@"application/xml",@"text/xml",@"text/plain",@"application/json",nil];
        
//        __weak typeof(_manager) weakManager = _manager;
//        [_manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *_credential) {
//
//            SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
//            /**
//             *  导入多张CA证书
//             */
//            NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"cer"];//自签名证书
//            NSData* caCert = [NSData dataWithContentsOfFile:cerPath];
//            NSArray *cerArray = @[caCert];
//            weakManager.securityPolicy.pinnedCertificates = cerArray;
//
//            SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert);
//            NSCAssert(caRef != nil, @"caRef is nil");
//
//            NSArray *caArray = @[(__bridge id)(caRef)];
//            NSCAssert(caArray != nil, @"caArray is nil");
//
//            OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray);
//            SecTrustSetAnchorCertificatesOnly(serverTrust,NO);
//            NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed");
//
//            NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
//            __autoreleasing NSURLCredential *credential = nil;
//            if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
//                if ([weakManager.securityPolicy evaluateServerTrust:challenge.protectionSpace.serverTrust forDomain:challenge.protectionSpace.host]) {
//                    credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
//                    if (credential) {
//                        disposition = NSURLSessionAuthChallengeUseCredential;
//                    } else {
//                        disposition = NSURLSessionAuthChallengePerformDefaultHandling;
//                    }
//                } else {
//                    disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
//                }
//            } else {
//                disposition = NSURLSessionAuthChallengePerformDefaultHandling;
//            }
//
//            return disposition;
//        }];
    
        
        
    });
    return manager;
}

@end
